RT4175: Fix PKCS7_verify() regression with Authenticode signatures
This is a partial revert of commit c8491de3 ("GH354: Memory leak fixes"), which was cherry-picked from commit 55500ea7 in OpenSSL 1.1.

That commit introduced a change in behaviour which is a regression for software implementing Microsoft Authenticode — which requires a PKCS#7 signature to be validated against explicit external data, even though it's a non-detached signature with its own embedded data.

This is fixed differently in OpenSSL 1.1 by commit 6b2ebe43 ("Add PKCS7_NO_DUAL_CONTENT flag"), but that approach isn't viable in the 1.0.2 stable branch, so just comment the offending check back out again.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
parent f78baa9d